NVD

Id
35347  
Name
CVE-2014-8135  
Description
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2014-12-19  
Modified Date
2015-01-09  
Seq
2014-8135  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
181094 35347 CVE-2014-8135 http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984  View
181095 35347 CVE-2014-8135 openSUSE-SU-2015:0008  View
181096 35347 CVE-2014-8135 http://security.libvirt.org/2014/0009.html  View
181097 35347 CVE-2014-8135 https://bugzilla.redhat.com/show_bug.cgi?id=1087104  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18457 JVNDB-2014-007332 libvirt の storage/storage_driver.c の storageVolUpload 関数におけるサービス運用妨害 (DoS) の脆弱性 libvirt の storage/storage_driver.c の storageVolUpload 関数は、特定の戻り値をチェックしないため、サービス運用妨害 (NULL ポインタデリファレンスおよびデーモンクラッシュ) 状態にされる脆弱性が存在します。 CVE-2014-8135 75428 CVE-2014-8135 35347 2.1 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007332.html 2014-12-03 2015-01-14 View